Blockchains - Private Input
Introduction
Blockchains such as Ethereum give every validator all the information needed to compute the next state. As a consequence, all inputs to smart contracts are public to anyone. There are, however, applications where inputs should stay private while the result of the smart contract remains verifiable. Electronic voting is a popular example: each individual vote should stay hidden, yet anyone should be able to verify that the tally is correct. With current smart contracts on Ethereum this is not possible without complex and expensive cryptographic operations such as homomorphic encryption. This leaves us with a dilemma. We want to keep the inputs hidden, but at the same time every verifier needs access to the input data in order to re-execute the smart contract, which is what guarantees correctness. This is where two cryptographic primitives come in together[1]. These are:
- Zero-knowledge proofs
- Multiparty computation
The combination of zero-knowledge proofs and multiparty computation is used by Aleph Zero in their privacy-preserving smart contract framework, Liminal. Multiparty computation is what ensures that no single node holds all the information, only a share of it. Privacy therefore holds as long as the servers holding the shares do not collude beyond the number of corrupt parties the protocol is designed to tolerate. The implementation is not publicly available at the time of writing, so it is hard to go into detail on how exactly it works.
However, let us dive into what the two cryptographic primitives can provide.
Zero-knowledge proofs
As we know, zero-knowledge proofs allow a prover to convince a verifier that a statement is true, for example that a message has a certain property or that the prover knows a secret value, without revealing anything beyond the truth of that statement. They allow, for instance, proving the validity of a transaction to a verifier without revealing details such as the amount being transferred.
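The simplest concrete instance of "proving knowledge of a secret value" is Schnorr's proof of knowledge of a discrete logarithm. The following is an added example, written for this page and not code from the original post or from Aleph Zero's Liminal. It generates its own group parameters (a safe prime p = 2q + 1 with q around 2^48, chosen so that the block runs quickly; a real deployment would use a 256-bit elliptic-curve group) and the function names are this example's own. Besides the proof itself it shows the two things a practitioner should take away: the simulator, which produces accepting transcripts without the secret and is the reason a transcript leaks nothing, and the nonce-reuse failure that recovers the secret from two proofs.

```python
"""Schnorr proof of knowledge of x with y = g^x mod p (added example)."""
from __future__ import annotations

import hashlib
import secrets


def is_probable_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; the listed bases are exact for n < 2**64."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int) -> int:
    """Smallest safe prime p = 2q + 1 with odd prime q >= start."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


# Toy-sized parameters (assumption of this example): soundness error is 1/q ~ 2^-48.
P = find_safe_prime(1 << 48)
Q = (P - 1) // 2   # prime order of the subgroup we work in
G = 4              # 2^2 mod p is a non-identity square, hence has order q


def keygen() -> tuple[int, int]:
    """Secret witness x and public value y = g^x."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


# --- interactive sigma protocol: commit, challenge, respond, check -----------

def commit() -> tuple[int, int]:
    """Prover: fresh random nonce r and commitment t = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def respond(x: int, r: int, c: int) -> int:
    """Prover: s = r + c*x mod q. The nonce r must never be reused."""
    return (r + c * x) % Q


def check(y: int, t: int, c: int, s: int) -> bool:
    """Verifier: accept iff g^s == t * y^c (and the values are in range)."""
    if not (1 <= t < P and 0 <= s < Q):
        return False
    return pow(G, s, P) == t * pow(y, c, P) % P


def simulate(y: int) -> tuple[int, int, int]:
    """An accepting transcript (t, c, s) built WITHOUT x: pick c and s, solve for t.
    Simulated and real transcripts are identically distributed, which is why a
    transcript reveals nothing about x (the zero-knowledge property)."""
    c = secrets.randbelow(Q)
    s = secrets.randbelow(Q)
    t = pow(G, s, P) * pow(y, -c, P) % P   # pow with negative exponent: Python 3.8+
    return t, c, s


# --- non-interactive version via Fiat-Shamir: challenge = hash of transcript --

def fs_challenge(y: int, t: int, msg: bytes) -> int:
    h = hashlib.sha256(b"%d|%d|%d|%d|" % (P, G, y, t) + msg).digest()
    return int.from_bytes(h, "big") % Q


def prove(x: int, y: int, msg: bytes) -> tuple[int, int]:
    r, t = commit()
    return t, respond(x, r, fs_challenge(y, t, msg))


def verify(y: int, proof: tuple[int, int], msg: bytes) -> bool:
    t, s = proof
    return check(y, t, fs_challenge(y, t, msg), s)


def leak_from_nonce_reuse(c1: int, s1: int, c2: int, s2: int) -> int:
    """Two responses under the same nonce r and different challenges give
    x = (s1 - s2) / (c1 - c2) mod q: the classic nonce-reuse failure."""
    return (s1 - s2) * pow(c1 - c2, -1, Q) % Q
```

The same structure (commit, challenge, respond) underlies the proof systems used for private transactions; the difference is the statement being proved, e.g. "this committed amount lies in a valid range" instead of "I know x". Note that `check` validates the ranges of `t` and `s` before the exponentiation: a verifier that skips this accepts malformed proofs.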
Multiparty computation
Multiparty computation is a cryptographic primitive with which a number of parties jointly compute a function of their private inputs. One famous example is the millionaires' problem, originally posed by Yao for two parties; in a three-party variant, parties A, B and C with salaries a, b and c want to compute max(a, b, c) without the help of a trusted third party and without revealing their salaries to each other. That is, the only information anyone should learn is the maximum salary. This problem has been solved with many different approaches, such as homomorphic encryption or secret sharing. Most importantly, it is possible to compute this kind of function without leaking the inputs.
The main idea of multiparty computation is thus a protocol in which no single party learns the full input, only the agreed output. We can apply this to blockchains in the way mentioned above. If there is an input to a smart contract function, a multiparty computation protocol can compute the result of the function without any party knowing the full input. The input is secret shared amongst a number of validators, who communicate with each other to compute the function output of the smart contract on their shares. No validator ever sees the input in the clear, yet the reconstructed result is the same as if the function had been run on the plaintext input.
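To make this concrete, here is an added example that walks the voting scenario from the introduction through secret sharing. It is written for this page and is not code from the original post or from Aleph Zero's Liminal, whose implementation is not public; the validator count, threshold, field prime and function names are this example's own choices. Each voter splits a vote in {0, 1} into Shamir shares, one per validator; each validator adds up the shares it holds (a tally is a linear function, so this needs no communication), and any t validators reconstruct the result. The last function shows why t-1 shares say nothing about a vote: every possible vote is consistent with them.

```python
"""Secret-shared votes tallied by validators without any of them seeing a vote (added example)."""
from __future__ import annotations

import secrets

PRIME = 2**61 - 1  # Mersenne prime; shares are elements of this field

Share = tuple[int, int]  # (validator index x, value f(x))


def share(secret: int, n: int, t: int) -> list[Share]:
    """Split secret into n shares, any t of which reconstruct it.
    Shares are points (i, f(i)) of a random degree t-1 polynomial with f(0) = secret."""
    assert 1 <= t <= n < PRIME
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(t - 1)]

    def f(x: int) -> int:
        return sum(c * pow(x, k, PRIME) for k, c in enumerate(coeffs)) % PRIME

    return [(i, f(i)) for i in range(1, n + 1)]


def interpolate(points: list[Share], x: int) -> int:
    """Value at x of the unique polynomial of degree < len(points) through points (Lagrange)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def reconstruct(shares: list[Share]) -> int:
    """The secret is the polynomial's value at 0; needs at least t distinct shares."""
    return interpolate(shares, 0)


def add_shares(a: list[Share], b: list[Share]) -> list[Share]:
    """Shamir sharing is linear: adding shares point-wise yields shares of the sum."""
    assert [x for x, _ in a] == [x for x, _ in b], "shares must belong to the same validators"
    return [(x, (ya + yb) % PRIME) for (x, ya), (_, yb) in zip(a, b)]


def run_election(votes: list[int], n_validators: int, threshold: int) -> int:
    """Tally votes with no validator ever holding a vote in the clear."""
    # Secret sharing alone does not stop a voter from sharing "5"; this range
    # check is what a per-voter zero-knowledge proof provides in a real system.
    assert all(v in (0, 1) for v in votes)
    ballot_box = [(i, 0) for i in range(1, n_validators + 1)]  # shares of 0
    for vote in votes:
        # voter sends share i to validator i; each validator adds it locally
        ballot_box = add_shares(ballot_box, share(vote, n_validators, threshold))
    quorum = ballot_box[:threshold]   # any `threshold` validators suffice
    return reconstruct(quorum)


def completion_for_guess(partial: list[Share], guess: int, missing_x: int) -> int:
    """Given t-1 shares, the value validator `missing_x` would have to hold for
    the secret to equal `guess`. Such a value exists for every guess, so the
    t-1 shares carry no information about the secret."""
    return interpolate([(0, guess)] + partial, missing_x)
```

Two caveats a practitioner should keep in mind. First, only addition (and multiplication by public constants) is local; multiplying two shared values raises the polynomial degree and requires a communication round between validators, which is where most of the cost of general MPC comes from. Second, this plain sharing is not robust: a validator that submits a wrong share corrupts the tally silently, so deployed protocols use verifiable sharing or a zero-knowledge proof per share. Use `secrets`, never `random`, for the coefficients; predictable coefficients turn every share into the secret.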
Conclusion
So where does this leave us?
Currently it is hard to say when and how this approach will be deployed, and whether it will be scalable and successful. It will be interesting to assess once it does. According to Aleph Zero's timeline, their multiparty computation framework will be released soon. We just have to wait a bit longer…
-
[1] Private smart contracts can also be built on Trusted Execution Environments such as Intel SGX; one blockchain using this approach is the Secret Network. However, Intel SGX has a history of published attacks and vulnerabilities (see e.g. https://twitter.com/hdevalence/status/1482898387422760963). ↩︎